using System.Text.RegularExpressions;

namespace CoreApp.Utility
{
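    /// <summary>
    /// Deny-list filter that strips markup characters and script/SQL keywords from a string.
    /// </summary>
    /// <remarks>
    /// Removing deny-listed tokens is a defence-in-depth measure only. It does not replace
    /// context-aware output encoding (for XSS) or parameterized queries (for SQL injection),
    /// and it is lossy: short tokens such as "or", "in" and "and" are removed even when they
    /// occur inside ordinary words.
    /// </remarks>
    public class XSSHelper
    {
        public XSSHelper() { }

        /// <summary>
        /// Alternation of the characters and keywords that are removed from the input.
        /// </summary>
        private const string strRegex = @"<|>|~|'|;|`|#|\$|￥|\[|\]|\^|\-|\*|select|insert|delete|from|count|drop|update|truncate|and|or|in|like|exec|execute|script|xp_cmdshell|exec|master|netlocalgroup|style";

        /// <summary>
        /// Lower-cases the input and removes every deny-listed character or keyword.
        /// </summary>
        /// <param name="str">Text to filter; may be null, empty or whitespace.</param>
        /// <returns>
        /// The lower-cased text with all deny-listed tokens removed, or
        /// <see cref="string.Empty"/> when the input is null, empty or whitespace.
        /// </returns>
        public static string XSSFilter(string str)
        {
            if (string.IsNullOrWhiteSpace(str))
            {
                return string.Empty;
            }

            // Invariant lower-casing: with the culture-sensitive ToLower() some cultures
            // (e.g. Turkish) map 'I' to a dotless 'ı', so an upper-case keyword would no
            // longer match its ASCII form in the pattern and would pass through unfiltered.
            string current = str.ToLowerInvariant();

            // Repeat until nothing more is removed. A single pass can leave a deny-listed
            // token behind when deleting one match joins the text on either side of it.
            // Each pass that changes anything shortens the string, so the loop terminates.
            string previous;
            do
            {
                previous = current;
                current = Regex.Replace(previous, strRegex, string.Empty);
            }
            while (current.Length != previous.Length);

            return current;
        }
    }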
}